Let me remind you that i0n1c was the first to find the untethered jailbreak for 5.1 and posted it in a video, but he did not release it publicly because he does not work with the DevTeam.
Read more in the interview....
Greetings and welcome on iSpazio.net! Let's start by talking a little about yourself: we know that you're a professional figure in hacking. How did you “gain” this passion for technology, and when did you start to hack something?
Quote
I got my first computer when I was about 8 and broke it one week later because I was tweaking some settings I was not supposed to tweak. My parents did not want me to waste time playing video games so I learned programming instead and was very interested in doing the low level stuff. But I guess I was at least 16 until I started to realize the wonderful things you can achieve by changing the code of other people. I guess I could have gotten earlier into the game, but I never had any kind of internet or mailbox access on my own before I was 17/18.
For most of our users, you're famous because of the iOS 4.3.X's jailbreaks and recently for the unreleased jailbreak technique for iOS 5.1 and 5.1.1: how's dealing with iOS security?
Quote
Dealing with iOS security is like dealing with any other security topic, with the difference that it is more challenging than PHP security or web application security which was my previous research topic. The other difference is that hacking iPhones and researching jailbreaking topics brings you in contact with the actual enduser that directly benefits from your work. This is something very different from other fields in security. Most of the time you only deal with application developers that do not really like that you find problems in their code, or with admins that have to upgrade to the newest version of a piece of software. I guess there are not many fields in IT security where the actual enduser has ever heard the name or nick of a person involved in finding a vulnerability or writing the actual exploit. Having experienced both I think I prefer an angry developer over an angry jailbreaker.
We've heard that you're not releasing the iOS 5.1 and 5.1.1 jailbreak because, for many users, jailbreak means piracy: is there actually a way to block it?
Quote
Whatever you have heard about why I am not releasing a jailbreak is most probably wrong. The jailbreak community tends to just pick random tweets and spin rumours or conspiracy theories around them. As an example I get a number of requests by email or twitter every day from people who want to pay money to get the jailbreak, because they heard I sell it. In fact I never said that I would sell my jailbreak, I merely discussed the fact that while the developers do all the work for free there are plenty of people who make a huge sum of money with every new jailbreak. There are the people that sell Cydia apps, the people that make iOS news sites and tutorials about JBing (including ads), the people who get paid for installing the free JB on someone's device, the people that weaponize the public exploit for malicious purposes, the people that just take e.g. the bootrom exploit and create expensive tools for law enforcement agencies from it, the security researchers that can only do research on jailbroken devices and sell consulting afterwards. I might have forgotten some other players that make money out of a free jailbreak, but I think you get the picture. People in the JB community seem to not understand that from my point of view spending months of work to perfect a JB and then releasing this for free is a waste. And of course they are angry when I tell pod2g about it because they fear I convince him to do something more valuable with his time.
Speaking of piracy. I am pretty sure that it would be possible to do a JB that will block the most common ways to install pirated applications on a device. But there is no way to stop pirates from reversing the JB and tweaking it. It might take them a while, because after all iOS JBs involve low level kernel code that can do all kinds of dirty tricks, but in the end they would figure it out. Maybe not fast enough until Apple closes the vulnerability and effectively kills the jailbreak. After all it would not be worth the hassle. Why would someone like Musclenerd or Pod2g spend days or weeks coding something like that, knowing that it would only last a few days.
If nowadays users do jailbreak only for piracy purposes, do you think that there is still someone that actually does it to have full control of their own iPhone?
Quote
Of course there are people that jailbreak because they want to have full control of their own iPhone, of course there are people that need a jailbreak to install the latest Cydia tweaks and of course there are people that jailbreak to do security research or whatever. But each of these groups highly overestimates their own size and importance. The vast majority of people have always jailbroken for pirating stuff or unlocking their phone. Whoever denies this is delusional. When you look at average people and their jailbroken iPhones you will see they have hundreds of Applications installed and Apple is lucky if they paid for a single one of them.
And yes there is also a group of people that say they only pirate apps and buy them later because there is no way to try an app before you buy it. I personally think that Apple could solve that legitimate request by offering such feature.
For me it doesn't matter what reason people jailbreak for, it has no influence on my decision to not waste months of my work just to enable other people to do what they want.
On May the 8th, your new book about the hacking of iOS finally came out: why did you feel the necessity to write it?
Quote
Well whenever a field develops over the years and more and more content for a specific topic is collected at some point the logical consequence is to write a book about it. Of course nowadays you can find a lot of information on the internet but this information is usually spread over hundreds of websites and sometimes important facts are not yet public at all. So the idea to create a book and collect all this information in one place allows someone new to the field to dig through it in an easier way. So in the long run this book will allow more people to get into iOS hacking in a faster way. However iDevices are not an easy target to attack and therefore it requires years of training or experience to actually own them.
The problem with the JB community at this point is that they don't understand that in the long run this book might bring new people into the scene of jailbreaking iDevices. Most of the people in the JB community do not understand that. They believe it will help Apple to stop jailbreaking or they consider it an attempt to make big money out of the JB community. This kind of reaction shows how little they understand of what is going on, first everybody who wrote a book about a tech topic will tell you that there is no big bucks made by writing tech books. Especially not if there are six authors for one book. And the other misbelief is that Apple employs a bunch of stupid elephants that do iOS security. In reality the people working at Apple on iOS security topics are actually quite skilled and they have way better debugging tools than the JB community will ever have. The reason why they don't kill a JB one day after a release is most probably only of political nature. Apple only seems to close JBs fast if they could be used maliciously by drive by attackers. Aside from that they keep those vulnerabilities open for a while, because every sold device is a sold device.
Also by looking at the JB community they can gather intelligence about features their customers might want, which in the long run will increase their revenue even more. I don't think Apple is really too concerned about piracy due to jailbroken devices, because they know there is only a limited amount of money you can squeeze out of a person anyway.
What do you think about the iCommunity? Do you think it is all “populated” by pirate users or people that often send you bad messages?
Quote
Pirates are everywhere and they do not concern me. If you lose any sleep because of them, then good luck surviving in this world. I think the JB community suffers from something worse. It is “contaminated” by leeches that do not value other people's work at all and do not understand the amount of work required to create things. They believe they are entitled to get whatever they see and just need to cry out loud enough if they don't get it. They believe they own the iPhone JB developers and that they have to produce jailbreaks for them for all eternity or shut up. You can see how delusional these people are when you get messages like: “Without us you are nothing, we follow you on Twitter and we made you famous” and then there are messages like “unfollow him to teach him a lesson”. Every time I see these messages I hope for mankind that these people do not really believe that. People are not getting famous because they have hundreds of thousands of followers on twitter, it is the other way around: they did (create) something people liked and this attracted followers. And if you consider yourself famous, because a few people on the internet know your name is up to you. I don't think one can consider himself famous until people on the street recognize your face and you have to hide from paparazzi. Anyway the amount of followers on twitter is only of concern to me because it is directly related to the number of people I have to ban manually.
How's dealing with those guys every day? I mean, not everyone can hold such a situation for so long: for example, I remember that because of this, geohot held the iOS 4.X jailbreak. Do you see from your twitter at least some supporters for your hard work?
Quote
I don't think it has anything to do with “hold such a situation”. In the beginning you are annoyed and cannot believe the amount of angry and demanding people, but once you get over that initial shock you just continue to do whatever you want. I can understand if Geohot held the iOS 4.x jailbreak because of these people. Because getting this kind of response is a wake up call that tells you that these people are not worth that you donate your work to them for free. However Geohot and the Chronic Dev Team are/were also collecting donations – so they obviously got enough to keep them going.
I also think that a part of this whole situation is caused by certain jailbreak developers who write blog postings where they claim that they will work day and night to get the new jailbreak to them. This blatant lie is the kind of statement that will be loved by the crowd, while in reality work is only done when there is free time and the mood to do it. However telling the truth will make people dislike you and most probably donate less.
We're done with our interview! Thanks for your time: would you mind saying something to our users?
Quote
Oh I think I said everything I wanted to say for now and now I sit back with popcorn to await the criticisms' wav